Crypto-ransomware Spreads via Poisoned Ads on Major Websites

Some of the world’s most popular news and entertainment websites have been spreading poisoned adverts to potentially hundreds of thousands of visitors, putting innocent readers at risk of having their computers hit by threats such as ransomware.

Famous sites which displayed the malicious ads and endangered visiting computers include MSN, bbc.com, the New York Times, AOL and Newsweek.

As a result, researchers at Malwarebytes say that they saw a “huge spike in malicious activity” over the weekend.

Security analysts at TrendLabs and Malwarebytes report that the attack is one of the largest ransomware campaigns seen in years, taking advantage of a recently-updated version of the notorious Angler Exploit Kit to spread malware.

Just last month the Angler Exploit Kit was found to be targeting PCs and Macs after it was updated to take advantage of a known vulnerability in Microsoft Silverlight.

And last month it was discovered that the Skype desktop app was displaying malicious ads to redirect users to a landing page for the Angler exploit kit – proving that malvertising is not just a problem inside the browser.

The Angler Exploit Kit has often been used to infect computers with the likes of the TeslaCrypt and CryptoWall ransomware, designed to take users’ computers hostage, demanding a ransom be paid in order to regain access to the device or files.

What is clear is that extortion continues to be an attractive venture for online criminals, and although the Angler Exploit Kit’s activities were disrupted last year, this latest campaign proves that it is back with a vengeance.

It seems glaringly apparent to me that there is so much malicious advertising on the internet that anytime you surf even legitimate sites without an ad blocker in place, you are putting your computer’s data at risk.

Of course, those websites which depend on ad revenue don’t like more and more of their readers resorting to ad blockers to stop their PCs from being infected or their online behaviour being tracked.

But major sites continue to be served poisoned ads by third-party ad networks, you can hardly blame regular internet users for taking rudimentary but effective protection into their own hands.

Editor’s Note:The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.